CVSS: 7.8EPSS: 3%CPEs: 20EXPL: 1CVE-2014-3687 – kernel: net: sctp: fix panic on duplicate ASCONF chunks
https://notcve.org/view.php?id=CVE-2014-3687
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. La función sctp_assoc_lookup_asconf_ack en net/sctp/associola.c en la implementación SCTP en el kernel de Linux hasta 3.17.2 permite a atacantes remotos causar una denegación de servicio (kernel panic) a través de trozos ASCONF duplicados que provocan una liberación incorrecta dentro del intérprete de efectos secundarios. A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69040d8e39f20d5215a03502a8e8b4c6ab78395 http://linux.oracle.com/errata/ELSA-2014-3087.html http://linux.oracle.com/errata/ELSA-2014-3088.html http://linux.oracle.com/errata/ELSA-2014-3089.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2014-4258 – mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4258
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores y 5.6.17 y anteriores permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con SRINFOSC. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/60425 http://www.debian.org/security/2014/dsa-2985 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http:&# •
CVSS: 10.0EPSS: 3%CPEs: 7EXPL: 0CVE-2014-2978
https://notcve.org/view.php?id=CVE-2014-2978
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write. La función Dispatch_Write en proxy/dispatcher/idirectfbsurface_dispatcher.c en DirectFB 1.4.4 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de la interfaz Voodoo, lo que provoca una escritura fuera de rango. • http://advisories.mageia.org/MGASA-2015-0176.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html http://secunia.com/advisories/58448 http://www.mandriva.com/security/advisories?name=MDVSA-2015:223 http://www.openwall.com/lists/oss-security/2014/05/15/10 https://security.gentoo.org/glsa/201701-55 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 7EXPL: 0CVE-2014-2977
https://notcve.org/view.php?id=CVE-2014-2977
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. Múltiples errores de sino de enteros en la función Dispatch_Write en proxy/dispatcher/idirectfbsurface_dispatcher.c en DirectFB 1.4.13 permiten a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de la interfaz Voodoo, lo que provoca un desbordamiento de buffer basado en pila. • http://advisories.mageia.org/MGASA-2015-0176.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html http://secunia.com/advisories/58448 http://www.mandriva.com/security/advisories?name=MDVSA-2015:223 http://www.openwall.com/lists/oss-security/2014/05/15/9 https://security.gentoo.org/glsa/201701-55 • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 2%CPEs: 7EXPL: 1CVE-2013-1864
https://notcve.org/view.php?id=CVE-2013-1864
The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack." Portable Tool Library (también conocido como PTLib) anterior a 2.10.10, utilizado en Ekiga anterior a 4.0.1, no detecta debidamente recursión durante expansión de entidad, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) a través de un documento PXML manipulado que contiene un número grande de referencias de entidad anidadas, también conocido como 'ataque de un billón de risas.' • http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html http://osvdb.org/91439 http://seclists.org/oss-sec/2013/q1/674 http://secunia.com/advisories/52659 http://sourceforge.net/p/opalvoip/code/28856 http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available http://www.securityfocus.com/bid/58520 https://exchange.xforce.ibmcloud.com/vulnerabilities/82885 https://www.suse.com/support/update/announcement/2014/suse-su-20140237-1.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •